Dynamically managing, from a centralized service, valid cipher suites allowed for secured sessions

ABSTRACT

A service interface of an SSL application hosted on at least one computer system in a hosted network selecting at least one authorized cipher suite. An SSL socket of the SSL application negotiating with another SSL socket of another SSL application in the hosted network for a mutual cipher from among the at least one authorized cipher suite and a shared key to encrypt information exchanged during a secure session. Responsive to establishing a security connection between the SSL socket and the another SSL socket using the selected mutual cipher, the service interface sends to a centralized service an identifier of the selected mutual cipher. Responsive to the service interface receiving a revoked cipher alert from the centralized service, the service interface revokes one or more sessions of the SSL application using a revoked cipher in the revoked cipher alert matching the selected mutual cipher.

BACKGROUND 1. Technical Field

The embodiment of the invention relates generally to data processing andparticularly to dynamically managing, from a centralized service, validcipher suites allowed for secured sessions.

2. Description of the Related Art

Security protocols, such as secure socket layer (SSL) and transportlayer security (TLS), provide a mechanism for securing data sent overnetworks between clients and servers by encrypting the data. During anegotiation of a secured connection session between a client and serverover a network using an SSL/TLS protocol, such as during an SSLhandshake, the client and server exchange information about which ciphersuites they have in common and mutually select a particular cipher suitefor securing the session. A cipher suite is a named combination ofauthentication, encryption, and message authentication code (MAC) andkey exchange algorithms used to negotiate security settings for anetwork connection using the SSL/TLS network protocol. Each cipher suiteprovides a different level of security.

BRIEF SUMMARY

In one or more embodiments, a method is directed to selecting, by aservice interface of an SSL application hosted on at least one computersystem in a hosted network, at least one authorized cipher suite. Themethod is directed to negotiating, by an SSL socket of the SSLapplication with another SSL socket of another SSL application in thehosted network for a mutual cipher from among the at least oneauthorized cipher suite and a shared key to encrypt informationexchanged during a secure session. The method is directed to, responsiveto establishing a security connection between the SSL socket and theanother SSL socket using the selected mutual cipher, sending, by theservice interface to a centralized service an identifier of the selectedmutual cipher. The method is directed to, responsive to receiving, bythe service interface, a revoked cipher alert from the centralizedservice, revoking one or more sessions of the SSL application using arevoked cipher in the revoked cipher alert matching the selected mutualcipher.

In addition, in one or more embodiments, a computer system comprises oneor more processors, one or more computer-readable memories, one or morecomputer-readable storage devices, and program instructions, stored onat least one of the one or more storage devices for execution by atleast one of the one or more processors via at least one of the one ormore memories. The stored program instructions comprise programinstructions to select, by a service interface of an SSL applicationhosted on at least one computer system in a hosted network, at least oneauthorized cipher suite. The stored program instructions compriseprogram instructions to negotiate, by an SSL socket of the SSLapplication with another SSL socket of another SSL application in thehosted network for a mutual cipher from among the at least oneauthorized cipher suite and a shared key to encrypt informationexchanged during a secure session. The stored program instructionscomprise program instructions to, responsive to establishing a securityconnection between the SSL socket and the another SSL socket using theselected mutual cipher, send, by the service interface to a centralizedservice an identifier of the selected mutual cipher. The stored programinstructions comprise program instructions to, responsive to receiving,by the service interface, a revoked cipher alert from the centralizedservice, to revoke one or more sessions of the SSL application using arevoked cipher in the revoked cipher alert matching the selected mutualcipher.

In addition, in one or more embodiments, a computer program productcomprises one or more computer-readable storage devices and programinstructions, stored on at least one of the one or more storage devices.The stored program instructions comprise program instructions to select,by a service interface of an SSL application hosted on at least onecomputer system in a hosted network, at least one authorized ciphersuite. The stored program instructions comprise program instructions tonegotiate, by an SSL socket of the SSL application with another SSLsocket of another SSL application in the hosted network for a mutualcipher from among the at least one authorized cipher suite and a sharedkey to encrypt information exchanged during a secure session. The storedprogram instructions comprise program instructions to, responsive toestablishing a security connection between the SSL socket and theanother SSL socket using the selected mutual cipher, send, by theservice interface to a centralized service an identifier of the selectedmutual cipher. The stored program instructions comprise programinstructions to, responsive to receiving, by the service interface, arevoked cipher alert from the centralized service, to revoke one or moresessions of the SSL application using a revoked cipher in the revokedcipher alert matching the selected mutual cipher.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The novel features believed characteristic of one or more embodiments ofthe invention are set forth in the appended claims. The one or moreembodiments of the invention itself however, will best be understood byreference to the following detailed description of an illustrativeembodiment when read in conjunction with the accompanying drawings,wherein:

FIG. 1 illustrates one example of block diagram of a network environmentfor applications with local cipher suite configurations, without acentralized service for managing valid cipher suites;

FIG. 2 illustrates one example of a block diagram of a centralizedservice for managing valid cipher suites for use in secure connectionsacross multiple applications;

FIG. 3 illustrates one example of a block diagram of a centralizedservice for managing valid cipher suites for use in secure connectionsacross multiple applications with service interfaces integrated with SSLsocket configurations;

FIG. 4 illustrates one example of a block diagram of a centralizedservice for managing valid cipher suites for use in secure connectionsacross multiple applications with service interfaces integrated forad-hoc dynamic monitoring of allowable cipher suites from a centralizedservice by SSL client sockets and SSL server sockets;

FIG. 5 illustrates one example of a block diagram of a centralizedservice for managing valid cipher suites for use in secure connectionsacross multiple applications with a service interface integrated forad-hoc dynamic monitoring of allowable cipher suites from a centralizedservice by SSL client sockets and with a service interface integratedinto a gateway for dynamic monitoring of allowable cipher suites formultiple SSL server sockets in a network;

FIG. 6 illustrates one example of a block diagram of a centralizedservice for automatically providing alerts and risk information fornetwork administrators as centralized service manages revoking ciphersuites for current session;

FIG. 7 illustrates one example a block diagram of a cloud environmentfor hosting a centralized service accessed by multiple client systemshosting SSL client applications and multiple server systems hosting SSLserver applications;

FIG. 8 illustrates one example of a block diagram of a computer systemin which one embodiment of the invention may be implemented;

FIG. 9 illustrates one example of a high level logic flowchart of aprocess and computer program for dynamically updating new valid ciphersuites allowed for secured sessions in a list of valid cipher suitesmaintained by a centralized service;

FIG. 10 illustrates one example of a high level logic flowchart of aprocess and computer program for dynamically removing vulnerable ciphersuites from a list of valid cipher suites maintained by a centralizedservice and dynamically revoking, by the centralized service, currentsessions using the vulnerable cipher suites;

FIG. 11 illustrates one example of a high level logic flowchart of aprocess and computer program for dynamically managing, from acentralized service, valid cipher suites provided to SSL applicationsfor secured connections;

FIG. 12 illustrates one example of a high level logic flowchart of aprocess and computer program for maintaining a current session log by acentralized service;

FIG. 13 illustrates one example of a high level logic flowchart of aprocess and computer program for managing a list of permissible ciphers,indicating valid ciphers, pushed by the centralized service to a serviceinterface according to a scheduled service;

FIG. 14 illustrates one example of a high level logic flowchart of aprocess and computer program for dynamically managing access to validcipher suites, by SSL applications, from a centralized service for usein secured connections; and

FIG. 15 illustrates one example of a high level logic flowchart of aprocess and computer program for dynamically managing access to validcipher suites, by SSL applications, from a centralized service for usein secured connections.

DETAILED DESCRIPTION

In the following description, for the purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of one or more embodiments of the present invention. Itwill be apparent, however, to one skilled in the art that the one ormore embodiments of the present invention may be practiced without thesespecific details. In other instances, well-known structures and devicesare shown in block diagram form in order to avoid unnecessarilyobscuring the one or more embodiments of the present invention.

In addition, in the following description, for purposes of explanation,numerous systems are described. It is important to note, and it will beapparent to one skilled in the art, that the present invention mayexecute in a variety of systems, including a variety of computer systemsand electronic devices operating any number of different types ofoperating systems.

FIG. 1 illustrates a block diagram of a network environment forapplications with local cipher suite configurations, without acentralized service for managing valid cipher suites.

In one example, a network environment 100 includes an SSL clientapplication 110 and an SSL server application 120. In one example, SSLis a computer networking protocol that manages server authentication,client authentication, and encrypted communication between SSL clientapplication 110 and SSL server application 120. In one example, SSL mayuse a combination of public-key and symmetric-key encryption, based onthe parameters of a selected cipher suite, to secure a connectionbetween two machines over a network. In one example, SSL may run in alayer above the transmission control protocol/internet protocol (TCP/IP)layer, which manages the transport and routing of data over a network,such as the Internet or a private network. In one example, SSL mayencrypt the data of network connections in an application layer. TLS isanother security protocol that provides privacy and data integritybetween two communication applications, such as SSL client application110 and SSL server application 120, which require data to be securelyexchanged over a network, such as file transfers VPN connections,instant messaging, and voice over IP. As described herein, references toSSL may refer to SSL, TLS or a combination of SSL/TLS.

In one example, when initiating a new secured session, an SSL clientsocket 114 is established for SSL client application 110 according toSSL socket configuration 116 and an SSL server socket 124 is establishedfor SSL server application 120 according to SSL socket configuration126. In one example, each of SSL client socket 114 and SSL server socket124 may refer to an endpoint in communication flow between two programsrunning over a network, where data is passed back and forth between SSLclient application 110 and SSL server application 120 via SSL clientsocket 114 and SSL server socket 124 in a network. In one example, eachof SSL socket configuration 116 and SSL socket configuration 126 mayinclude the attributes needed to control the behavior of client andserver SSL endpoints. In one example, each SSL socket configuration mayinclude unique names with specific management scopes, such as a cell,node group, node, server, cluster, or endpoint scope.

In one example, when a new secured session is initiated for SSL clientapplication 110 and SSL server application 120, the SSL protocol mayimplement a first protocol, called a record protocol, that allows aclient to authenticate a server for the session and a second protocol,called a handshake protocol, that allows the client and server toestablish an encrypted SSL connection for the session. Following thehandshake protocol, which may also be referred to as a handshake phase,the SSL client application 110 and SSL server application 120 mutuallyselect a cipher suite and shared key to encrypt information exchangedduring the session.

In particular, in one example, to allow users to select a level ofsecurity that meets their security needs, and to enable communicationsbetween different users who may have different security needs, SSLclient socket 114 and SSL server socket 124 may mutually select a commoncipher suite that both SSL client application 110 and SSL serverapplication 120 have in common. In one example, if SSL clientapplication 110 and SSL server application 120 do not have a ciphersuite in common, then a secure communication channel may not beestablished between SSL client application 110 and SSL serverapplication 120.

Different cipher suites may provide different levels of security. Forexample, some cipher suites may implement algorithms that provide highlevels of security, but require a large amount of computation forencryption and decryption. For example, some cipher suites may implementalgorithms that are less secure, but provide rapid encryption anddecryption. In one example, the length of a key that is used forencryption by a cipher suite may impact the level of security, where alonger key may provide greater security for the data.

In one example, to facilitate selection of a cipher suite during an SSLhandshake, in one example, SSL socket configuration 116 and SSL socketconfiguration 126 may each include an attribute identifying a selectionof authorized cipher suites. For example, SSL socket configuration 116may specify that SSL client socket 114 should access a selection ofvalid ciphers from a local or network level based cipher suiteconfiguration 112 and SSL socket configuration 126 may specify that SSLserver socket 124 should access a selection of valid ciphers from alocal or network level based cipher suite configuration 122. In oneexample, each of cipher suite configuration 112 and cipher suiteconfiguration 122 may specify the same sets of cipher suites ordifferent sets of cipher suites available for securing communications.

In one example, during an SSL handshake, SSL client socket 114 and SSLserver socket 124 may exchange information about which cipher suites areavailable to each, in order to mutually agree on a common cipher suite.In one example, during a handshake phase 140, as illustrated by clientcipher 142, SSL client socket 114 may pass identifiers of client ciphersuites from cipher suite configuration 112 to SSL server socket 124,where SSL server socket 124 may determine which received cipher suitesin client cipher 142 match server cipher suites in cipher suiteconfiguration 122 and may return one or more matching cipher suites inserver cipher 144, for use in the secure connection between SSL clientsocket 114 and SSL server socket 124. SSL client socket 114 or SSLclient socket 124 may select mutual cipher 146 from the matching ciphersuites returned in server cipher 144. In another example, during ahandshake phase 140, as illustrated by server cipher 144, SSL serversocket 124 may pass identifiers of server cipher suites from ciphersuite configuration 122 to SSL client socket 114, where SSL clientsocket 114 may determine which received cipher suites in server cipher144 match client cipher suites in cipher suite configuration 112 and mayreturn one or more matching cipher suites in client cipher 142, for usein the secure connection between SSL client socket 114 and SSL serversocket 124. SSL client socket 114 or SSL client socket 124 may selectmutual cipher 146 from the matching cipher suites returned in clientcipher 142. In additional or alternate embodiments, additional oralternate steps may be included in handshake phase 140 for the selectionof mutual cipher 146.

Malicious users may look for ways to exploit secure connectionsestablished with cipher suites with weaker security. Some cipher suitesmay become vulnerable from successful attacks by malicious users, wheremalicious users determine a method of accessing data that has beensecured with a particular cipher suite. Network administrators,including but not limited to network security professionals and otherswho monitor or manage networks, may become aware of an attack bymalicious users on a particular cipher suite, which exposes thevulnerabilities of the cipher suite. In one example, once a networkadministrator identifies a cipher suite vulnerability, the networkadministrator may publish the discovery of the vulnerability and a riskassociated with the vulnerability in a document that other networkadministrators may access. For example, mitre.org manages a publishedlist of Common Vulnerabilities and Exposures (CVEs) with a log ofdiscovered vulnerabilities of cipher suites recorded using a set offormatting rules specified by the organization.

In one example, when a particular cipher suite is discovered asvulnerable after an attack, depending on the security requirements for aparticular application, a network administrator may determine thatdiscovered vulnerabilities indicate a particular cipher suite is toorisky for users within an organization's network to implementapplications that use the particular cipher suite. However, when anetwork administrator does determine that a particular cipher suite istoo risky for users, if SSL socket configuration 116 is set to aselection of valid cipher suites in cipher suite configuration 112,which is managed at a local application or network level, and SSL socketconfiguration 126 is set to a selection of valid cipher suites in ciphersuite configuration 122, which is managed at a local application ornetwork level, the network administrators of the networks in which eachof SSL client application 110 and SSL server application 120 run may nothave visibility as to which applications used within each organization'snetwork include the vulnerable cipher suite within the local or networkcipher suite configuration or may not have visibility into whichapplications currently have sessions open that use the vulnerable ciphersuite. In addition, each organization's network may have manyapplications on many servers with many sessions open that use thevulnerable cipher suite and if monitored at the network level, mayrequire a network administrator to reprogram one or more layers on eachserver to remove the vulnerable cipher suite, which requires additionaltime, leaving the servers open for exploitation through the vulnerablecipher suite.

FIG. 2 illustrates a block diagram of a centralized service for managingvalid cipher suites for use in secure connections across multipleapplications.

In one example, a centralized service 210 manages a list of permissibleciphers 224 for use by one or more SSL applications when an SSLhandshake is being performed to dynamically manage a selection of validcipher suites passed by each of the SSL applications. In one example,permissible ciphers 224 may include identifiers for one or more ciphersuites that have not been indicated as vulnerable or that may haveindicators of vulnerability, but have a level of risk below a particularthreshold.

In one example, centralized service 210 may include an update controller220 for managing entries in permissible ciphers 224. Update controller220 may receive a vulnerable cipher report 222 from one or more sources,where vulnerable cipher report 222 indicates a discovery of avulnerability of a particular cipher suite and any risks associated withthe vulnerability. Update controller 220 may determine whether adiscovery of a vulnerability of a particular cipher suite and any risksassociated with the vulnerability indicate that the cipher suite shouldbe removed from permissible ciphers 224. In one example, if updatecontroller 220 removes a particular cipher suite from permissibleciphers 224, update controller 220 may also update a vulnerable cipherslog 226 with a record of the time and date of vulnerable cipher report222, the cipher suite removed and any risks associated with the ciphersuite.

In another example, update controller 220 may receive a new cipherreport 230 from one or more sources, where new cipher report 230specifies a new cipher suite to add to permissible ciphers 224. In oneexample, update controller 220 may verify that the source of new cipherreport 230 is authorized to add a new cipher suite to permissibleciphers 224, and in response to determining the source is authorized,update permissible ciphers 224 with the new cipher suite identified innew cipher report 230. In one example, as new cipher suites aredeveloped and determined to meet the security requirements for anorganization's network, a network administrator may send new cipherreport 230 to update controller 220, to effectively update the ciphersuites available to all the SSL applications that subscribe tocentralized service 210 without the network administrator needing toindividually update each SSL application with the new cipher suite.

In one example, vulnerable cipher report 222 may represent a reportpublished in one or more formats, such as, but not limited to, a pdfformat, a .xml format, and a table format. In one example, updatecontroller 220 may include a filter that reads the data in vulnerablecipher report 222, compares vulnerable cipher report 222 with apreviously received report, and determines which entries in vulnerablecipher report 222 are new or updated. In one example, update controller220 may also include a filter enabled to interpret data reported invulnerable cipher report 222 to determine which cipher suites areidentified and any risk identified with each cipher suite. In anotherexample, an administrator may specify vulnerable cipher report 222 withone or more cipher suite identifiers and risks associated with eachcipher suite identifier.

In one example, centralized service 210 may maintain a list of one ormore users or services that are authorized to provide vulnerable cipherreport 222, as authorized updaters 228. In one example, updatecontroller 220 may only read vulnerable cipher report 222 if receivedfrom a user included in authorized updaters 228. In another example,update controller 220 may pull vulnerable cipher report 222 from aservice identified in authorized updaters 228, where authorized updaters228 may include services that publish information discovered aboutcipher suite vulnerabilities and that are subscribed to by centralizedservice 210.

In one example, centralized service 210 includes an applicationinterface 240 through which applications, such as SSL client application110 and SSL server application 120 may interface. In one example, an SSLapplication may implement a service interface 260, through which the SSLapplication interfaces with application interface 240 of centralizedservice. In one example, centralized service 210 is implemented as aservice in a centrally hosted environment in which centralized service210 is accessible to one or more of SSL client application 110 and SSLserver application 120 via a network connection, but centralized service210 is not implemented within SSL client application 110 or SSL serverapplication 120 and is not implemented within a gateway or firewallaccessible to SSL client application 110 or SSL server application 120.For example, centralized service 210 may be implemented as a service ina hosted environment for one or more subscribers registered in a userlog 248, where the hosted environment is centrally hosted for access bymultiple subscribers in multiple private network environments, such as ahosted environment in a cloud computing environment. For example,centralized service 210 may be implemented under a Software as a Servicemodel from a cloud provider. In another example, centralized service 210may be provided by an application service provider or on demand serviceprovider.

In one example, SSL client application 110 and SSL server application120 may each implement a separate instance of service interface 260 thatseparately sends list request 242 to application interface 240,requesting a current list of permissible ciphers. In one example,application interface 240 may receive list request 242 from anapplication, verify that service interface 260 of the requestingapplication is a subscriber in user log 248, access permissible ciphers224, and return permissible ciphers 224 as current permissible ciphers246 to service interface 260. In another example, centralized service210 may push current permissible ciphers 246 to service interface 260,according to a service schedule specified in user log 248. As serviceinterface 260 receives current permissible ciphers 246, applicationsrequesting current permissible ciphers 246 may lookup and share theciphers in current permissible ciphers 246 during the SSL/TLS handshakephase, separate from or in lieu of any cipher suite configuration for anapplication. As a result, if permissible ciphers 224 is updated toremove a cipher suite identified in vulnerable cipher report 222 asvulnerable, new sessions initiated by applications receiving currentpermissible ciphers 246, without the removed cipher suite, will not usethe removed cipher suite.

In one example, service interface 260 may send session data 244 toapplication interface 240, where session data 244 includes identifiersof one or more sockets established for a secure session and the ciphersuite selected for the secure session. Application interface 240 mayupdate a current session log 246 with the identifiers for sockets andcipher suite selection from session data 244.

In one example, as update controller 220 updates vulnerable ciphers log226 with vulnerable cipher suites, a revoke controller 250 may betriggered to revoke the cipher suite for one or more current sessionidentified in current sessions log 246. In one example, in response toan update by update controller 220 to vulnerable ciphers log 226, revokecontroller 250 may identify a selection of one or more open sessions incurrent sessions log 246 that implement the revoked cipher suite,identify where to direct subscriber communications for each of theselection of open sessions from communication directives in user log 248from among applications and network administrators, and send alertmessages to the selected service interfaces of applications and networkadministrators for applications with open sessions currently using therevoked cipher suite, as revoked cipher alerts 252. In one example,service interface 260 of an application may receive revoked cipheralerts 252 and automatically close the secure connection on theapplication.

FIG. 3 illustrates a block diagram of a centralized service for managingvalid cipher suites for use in secure connections across multipleapplications with service interfaces integrated with SSL socketconfigurations.

In one example, centralized service 210 is accessible in a centrallyhosted network 302. In one example, an SSL client application 310 mayload an SSL socket configuration 316 and an SSL server application 320may load an SSL socket configuration 326. SSL client application 310 mayinitiate an SSL client socket 314, based on SSL socket configuration316, and SSL server application 320 may initiate an SSL server socket324, based on SSL socket configuration 326.

In one example, an attribute of SSL socket configuration 316 specifyingthe selection of valid cipher suites may be set to access a serviceinterface 312 and an attribute of SSL socket configuration 326specifying the selection of valid cipher suites may be set to access aservice interface 322. In one example, service interface 312 may beintegrated within SSL client application 310 or called by SSL clientapplication 310. In addition, in one example, service interface 322 maybe integrated within SSL server application 320 or called by SSL serverapplication 320.

In one example, when a SSL handshake phase 340 is triggered, overridingany local cipher suite configuration set for an application, SSL socketconfiguration 316 may alert service interface 312 that the SSL handshakeis triggered. Service interface 312 may send list request 242 tocentralized service 210 and receive current permissible ciphers 252 fromcentralized service 210. SSL socket configuration 316 may specify theauthorized cipher suites for SSL client socket client to pass to SSLserver socket 324 as client cipher 342 during handshake phase 340 fromcurrent permissible ciphers 252 returned from centralized service 210.

In addition, in one example, when SSL handshake phase 340 is triggered,overriding any local cipher suite configuration set for an application,SSL socket configuration 326 may alert service interface 322 that theSSL handshake is triggered. Service interface 322 may send list request242 to centralized service 210 and receive current permissible ciphers252 from centralized service 210. SSL socket configuration 326 mayspecify the authorized cipher suites for SSL server socket 324 to passto SSL client socket 314 as server cipher 344 during handshake phase 340from current permissible ciphers 252 returned from centralized service210.

In one example, SSL client socket 314 and SSL server socket 324 mayselect mutual cipher 346 from among one or more matching cipher suitesallowed in current permissible ciphers 246 as passed by centralizedservice 210 to each of service interface 312 and service interface 322.Since centralized service 210 actively monitors for vulnerable ciphers,centralized service 210 removes any ciphers suites found to bevulnerable and only delivers valid cipher suites in current permissibleciphers.

In one example, in response to establishing the secure connectionbetween SSL client socket 314 and SSL server socket 324 based on mutualcipher 346, each of service interface 312 and service interface 322 mayseparately send session data 244 to centralized service 210 withinformation about SSL client socket 314, SSL server socket 324, andmutual cipher 346. In one example, by each of service interface 312 andservice interface 322 registering information about the current sessionwith centralized service 210, centralized service 210 may then trackwhether mutual cipher 346 is removed from permissible ciphers 224, andin response to update controller removing mutual cipher 346 frompermissible ciphers 224, revoke controller 250 may send separate revokedcipher alerts 252 specifically to service interface 312 and serviceinterface 322 to trigger each of the SSL client socket 314 and SSLserver socket 324 to close the secure communication.

In one example, by configuring service interface 312 and serviceinterface 322 within SSL socket configuration 316 and SSL socketconfiguration 326, for a network administrator to establish a serviceinterface as the interface for SSL sockets for an SSL client applicationor an SSL server application, the network administrator only needs toupdate the SSL socket configuration for the SSL application to direct toa service interface that facilitates a subscription to centralizedservice 210. Network administrators may rely on centralized service 210to centrally maintain a valid list of permissible ciphers for newsessions by subscribing SSL sockets and to monitor current SSL sessionsand provide updates to the SSL sockets if a mutual cipher suite selectedfor a current SSL session is revoked. While in the example illustrated,the SSL socket configuration for both SSL client application 310 and SSLserver application 320 has been specified to a separate serviceinterface for accessing centralized service 210, in additional oralternate examples, only one of SSL client application 310 and SSLserver application 320 may include an SSL socket configuration specifiedto a service interface for accessing centralized service 210. Each ofSSL client application 310 and SSL server application 320 may separatelydetermine that mutual cipher 346 is vulnerable and select to terminate acurrent secure connection.

FIG. 4 illustrates a block diagram of a centralized service for managingvalid cipher suites for use in secure connections across multipleapplications with service interfaces integrated for ad-hoc dynamicmonitoring of allowable cipher suites from a centralized service by SSLclient sockets and SSL server sockets.

In one example, centralized service 210 is accessible in a centrallyhosted network 402. In one example, an SSL client application 410 mayload an SSL socket configuration 416 and an SSL server application 420may load an SSL socket configuration 426. SSL client application 410 mayinitiate an SSL client socket 414, based on SSL socket configuration416, and SSL server application 420 may initiate an SSL server socket424, based on SSL socket configuration 426.

In one example, an attribute of SSL socket configuration 416 specifyingthe selection of valid cipher suites may be set to enable SSL clientsocket 414 to be created with a service interface (SI) 412 thateffectively supports an ad hoc network connection between SSL clientsocket 414 and centralized service 210. In one example, SSL socketconfigurations 416 may include specifications for centralized service210 to enable SSL client socket 414 to establish a self-configuring,dynamic connection to centralized service 210 as SSL client socket 414is opened.

In one example, an attribute of SSL socket configuration 426 specifyingthe selection of valid cipher suites may be set to enable SSL serversocket 424 to be created with a service interface (SI) 422 thateffectively supports an ad hoc network connection between SSL serversocket 424 and centralized service 210. In one example, SSL socketconfigurations 426 may include specifications for centralized service210 to enable SSL server socket 424 to establish a self-configuring,dynamic connection to centralized service 210 as SSL server socket 424is opened.

In one example, when a SSL handshake phase 440 is triggered, serviceinterface 412 may send list request 242 to centralized service 210 andreceive current permissible ciphers 252 from centralized service 210.SSL client socket 414 may pass the cipher suites specified in currentpermissible ciphers 246 to SSL server socket 424 as client cipher 442during handshake phase 440. In addition, when a SSL handshake phase 440is triggered, service interface 422 may send list request 242 tocentralized service 210 and receive current permissible ciphers 246 fromcentralized service 210. SSL server socket 424 may pass the ciphersuites specified in current permissible ciphers 246 to SSL client socket414 as server cipher 444 during handshake phase 440.

In one example, SSL client socket 414 and SSL server socket 424 mayselect mutual cipher 446 from among one or more matching cipher suitesallowed in current permissible ciphers 246 as passed by centralizedservice 210 to each of service interface 412 and service interface 422.Since centralized service 210 actively monitors for vulnerable ciphers,centralized service 210 removes any ciphers suites found to bevulnerable and only delivers valid cipher suites in current permissibleciphers.

In one example, in response to establishing the secure connectionbetween SSL client socket 414 and SSL server socket 424 based on mutualcipher 446, each of service interface 412 and service interface 422 mayseparately send session data 244 to centralized service 210 withinformation about SSL client socket 414, SSL server socket 424, andmutual cipher 446. In one example, by each of service interface 412 andservice interface 422 registering information about the current sessionwith centralized service 210, centralized service 210 may then trackwhether mutual cipher 446 is removed from permissible ciphers 224, andin response to update controller removing mutual cipher 446 frompermissible ciphers 224, revoke controller 250 may send separate revokedcipher alerts 252 specifically to service interface 412 and serviceinterface 422 to trigger each of the SSL client socket 414 and SSLserver socket 424 to close the secure communication.

In one example, by configuring SSL socket configuration 416 and SSLsocket configuration 426 to separately enable an ad hoc creation of anetwork connection for each of SSL client socket 414 and SSL serversocket 424 to centralized service 210, the network administrator onlyneeds to update the SSL socket configuration for the SSL application todirect to a service interface that facilitates a subscription tocentralized service 210. While in the example illustrated, the SSLsocket configuration for both SSL client application 410 and SSL serverapplication 420 has been specified for ad hoc creation of a networkconnection from a socket to access centralized service 210, inadditional or alternate examples, only one of SSL client application 410and SSL server application 420 may include an SSL socket configurationspecified for ad hoc creation of a network connection from a socket toaccess centralized service 210. Each of SSL client application 410 andSSL server application 420 may separately determine that mutual cipher446 is vulnerable and select to terminate a current secure connection.

FIG. 5 illustrates a block diagram of a centralized service for managingvalid cipher suites for use in secure connections across multipleapplications with a service interface integrated for ad-hoc dynamicmonitoring of allowable cipher suites from a centralized service by SSLclient sockets and with a service interface integrated into a gatewayfor dynamic monitoring of allowable cipher suites for multiple SSLserver sockets in a network.

In one example, centralized service 210 is accessible in a centrallyhosted network 502. In one example, as described in FIG. 4, SSL clientapplication 410 may load an SSL socket configuration 416 and SSL clientapplication 410 may initiate an SSL client socket 414, based on SSLsocket configuration 416.

In one example, a gateway 524 configured for interfacing with multipleSSL server sockets in a network, for an SSL server application 520, isspecified with a service interface (SI) 522. In one example, gateway mayinterface with an SSL server in a network 526 and an SSL server in anetwork 528. In one example, gateway 524 may include networking hardwarethat provides a network node for interfacing with another network thatuses different protocols. In one example, gateway 524 may also act as aproxy server or a firewall server.

In one example, when gateway 524 detects that an SSL handshake phase 540is triggered for SSL server socket in a network 526 or SSL server socketin a network 528, service interface 522 may send list request 242 tocentralized service 210 and receive current permissible ciphers 246 fromcentralized service 210. In one example, gateway 524 may pass currentpermissible ciphers 246 to SSL server socket in a network 526 or SSLserver socket in a network 528 and the SSL server socket may specifyserver cipher 544 sent during the handshake phase with currentpermissible ciphers 246. In another example, gateway 524 may insertcurrent permissible ciphers 246 into server cipher 544 before passingserver cipher 544 to SSL client socket 414.

In one example, SSL client socket 414 and gateway 524 may select mutualcipher 546 from among one or more matching cipher suites allowed incurrent permissible ciphers 246 as passed by centralized service 210 toeach of service interface 412 and service interface 522. Sincecentralized service 210 actively monitors for vulnerable ciphers,centralized service 210 removes any ciphers suites found to bevulnerable and only delivers valid cipher suites in current permissibleciphers.

In one example, in response to establishing the secure connectionbetween SSL client socket 414 and either of SSL server socket in anetwork 526 or SSL server socket in a network 528 through gateway 524,service interface 412 and service interface 522 may separately sendsession data 244 to centralized service 210 with information about SSLclient socket 414, gateway 524, and mutual cipher 546. In one example,by each of service interface 412 and service interface 522 registeringinformation about the current session with centralized service 210,centralized service 210 may then track whether mutual cipher 546 isremoved from permissible ciphers 224, and in response to updatecontroller removing mutual cipher 546 from permissible ciphers 224,revoke controller 250 may send separate revoked cipher alerts 252specifically to service interface 412 and service interface 522 totrigger each of the SSL client socket 414 and gateway 524 to close thesecure communication. In one example, gateway 524, upon receipt of arevoked cipher alerts 252 may selectively close multiple currentsessions opened through gateway 524 that use the revoked cipher suite.

In one example, while gateway 524 may be configured with serviceinterface 522 for dynamically managing a current list of valid ciphersuites, the list of valid cipher suites, managed as permissible ciphers224, is managed by centralized service 210 and pushed to gateway 524 ondemand, or as a scheduled service, such that a network administratoronly needs to configure gateway 524 to access centralized service 210,and centralized service 210 then dynamically manages current permissibleciphers 246 sent to gateway 524, but the network administrator does notneed to configure gateway 524 with specific cipher suites, which may belater found to be vulnerable, and require reprogramming.

FIG. 6 illustrates a block diagram of a centralized service forautomatically providing alerts and risk information for networkadministrators as centralized service manages revoking cipher suites forcurrent session.

In one example, network administrators that monitor networks fororganization, where the networks may include one or more SSLapplications, may subscribe to centralized service 210 for the one ormore SSL applications. In one example, each network administrator maymanage a network through a network administrator interface, such as anetwork administrator interface 610 and a network administratorinterface 620. In one example, each network administrator interface mayinclude a network management controller for managing one or more SSLapplications in a network environment, such as network managementcontroller 614 for a network environment 616 and network managementcontroller 624 for a network environment 626 for managing one or moreSSL applications in a network.

In one example, each of network environment 616 and network environment626 may include one or more service interfaces for connecting SSLapplications with centralized service 210. In addition, networkmanagement controller 614 may include a service interface 612 andnetwork management controller 624 may include a service interface 622.Service interface 612 and service interface 622 may be specified, bynetwork environment, to enable centralized service 210 to deliverrevoked cipher alerts 252 to network administrators when sessions openwithin each network environment managed by each network administratorreceive revoked cipher alerts 252.

In one example, session data 244 passed by service interfaces tocentralized service 210 when a new session is established, in additionto include information about the client socket, server socket, andmutual cipher selected, may also designate a subscription identifier fora particular network environment. In one example, when revoke controller250 determines that there are sessions open in current sessions log 246that use a newly revoked cipher suite, revoke controller 250 maydistribute revoked cipher alerts 252 to the service interfaces at thesocket level, but may also distribute revoked cipher alerts 252 to theservice interfaces at the network administrator level. For example, ifcentralized service 210 detects a session in network environment 616 isusing a cipher suite that is newly revoked, centralized service 210 maysend revoked cipher alerts 252 to the session in network environment 616and to service interface 612. For example, if centralized service 210detects a session in network environment 626 is using a cipher suitethat is newly revoked, centralized service 210 may send revoked cipheralerts 252 to the session in network environment 626 and to serviceinterface 622.

Service interface 612 and service interface 622 may integrate revokedcipher alerts 252 into one or more types of output interfaces of networkadministrator interface 610 and network administrator interface 612. Forexample, as service interface 612 and service interface 622 receiverevoked cipher alerts 252, each of the service interfaces may beconfigured to output revoked cipher alerts in different ways. Revokedcipher alerts 252 may include information about a revoked cipher suiteand the risks of the revoked cipher suite. A network administrator mayselect to categorize the types of risks that should be output ascritical risks, such as risks that may need to automatically triggershutting down the physical hardware of particular portions of a networkenvironment versus the types of risks that should be output a lesscritical risks, such as risks that may need to be output in a displayinterface and prompt a selection of actions by a network administrator,but not require shutting down the physical hardware to a networkenvironment.

In one example, revoked cipher alerts 252 distributed by centralizedservice 210 to service interface 612 and service interface 622 maygenerically specify the type of cipher suite that was revoked and therisks of the cipher suite. In addition, revoked cipher alerts 252distributed to service interface 612 and service interface 622 mayspecify the specific sockets that were impacted, the number of socketsfor a particular subscription that were impacted, and other informationthat may indicate the degree of exposure that a network environment mayhave experienced due to a vulnerable cipher suite.

In the example, by centralized service 210 monitoring for vulnerablecipher suites and distributing revoked cipher alerts 252 to opensessions within network environments, when network administrators alsoreceive revoked cipher alerts 252, the network administrators may focuson actions that need to be taken to mediate risks to the higher levelnetwork infrastructure, rather than focusing on closing individual opensessions, relying on centralized service 210 to distribute revokedcipher alerts 252 to trigger sockets to close secured channels that wereopened with a revoked cipher suite.

FIG. 7 illustrates a block diagram of one example of a cloud environmentfor hosting a centralized service accessed by multiple client systemshosting SSL client applications and multiple server systems hosting SSLserver applications.

In one example, cloud computing is a model of service delivery forenabling convenient, on-demand network access to a shared pool ofconfigurable computing resources (e.g. networks, network bandwidth,servers, processing, memory, storage applications, virtual machines, andservices) that can be rapidly provisioned and released with minimalmanagement effort or interaction with a provider of the service. Thiscloud model may include one or more characteristics, one or more servicemodels, and one or more deployment models.

For example, characteristics may include, but are not limited to,on-demand self-service, broad network access, resource pooling, rapidelasticity, and measured service. In one example, on-demand self-servicemay include a service in which a cloud consumer can unilaterallyprovision computing capabilities, such as server time and networkstorage, as needed automatically without requiring human interactionwith the service's provider. In one example, broad network access mayinclude capabilities that are available over a network and accessedthrough standard mechanisms that promote use by heterogeneous thin orthick client platforms (e.g., mobile phones, laptops, and PDAs). In oneexample, resource pooling may include an environment in which theprovider's computing resources are pooled to serve multiple consumersusing a multi-tenant model, with different physical and virtualresources dynamically assigned and reassigned according to demand. Thereis a sense of location independence in that the consumer generally hasno control or knowledge over the exact location of the providedresources but may be able to specify location at a higher level ofabstraction (e.g., country, state, or datacenter). In one example, rapidelasticity may include capabilities that may be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time. In one example, measured servicemay include support for cloud systems to automatically control andoptimize resource use by leveraging a metering capability at some levelof abstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service.

In one example, the one or more service models may include, but are notlimited to, Software as a Service (SaaS), Platform as a Service (PaaS),and Infrastructure as a Service (IaaS). In one example, software as aService (SaaS) may include a capability provided to the consumer to usethe provider's applications running on a cloud infrastructure. Theapplications are accessible from various client devices through a thinclient interface such as a web browser (e.g., web-based e-mail). Theconsumer does not manage or control the underlying cloud infrastructureincluding network, servers, operating systems, storage, or evenindividual application capabilities, with the possible exception oflimited user-specific application configuration settings. In oneexample, platform as a Service (PaaS) may include the capabilityprovided to the consumer to deploy onto the cloud infrastructureconsumer-created or acquired applications created using programminglanguages and tools supported by the provider. The consumer does notmanage or control the underlying cloud infrastructure includingnetworks, servers, operating systems, or storage, but has control overthe deployed applications and possibly application hosting environmentconfigurations. In one example, infrastructure as a Service (IaaS) mayinclude the capability provided to the consumer to provision processing,storage, networks, and other fundamental computing resources where theconsumer is able to deploy and run arbitrary software, which can includeoperating systems and applications. The consumer does not manage orcontrol the underlying cloud infrastructure but has control overoperating systems, storage, deployed applications, and possibly limitedcontrol of select networking components (e.g., host firewalls).

In one example, the one or more deployment Models may include, but arenot limited to, private cloud, community cloud, public cloud, and hybridcloud. In one example, private cloud may include a cloud in which thecloud infrastructure is operated solely for an organization. It may bemanaged by the organization or a third party and may exist on-premisesor off-premises. In one example, a community cloud may include the cloudinfrastructure that is shared by several organizations and supports aspecific community that has shared concerns (e.g., mission, securityrequirements, policy, and compliance considerations). The communitycloud may be managed by the organizations or a third party and may existon-premises or off-premises. In one example, a public cloud may includecloud infrastructure that is made available to the general public or alarge industry group and is owned by an organization selling cloudservices. In one example, a hybrid cloud may include cloudinfrastructure that is a composition of two or more clouds (private,community, or public) that remain unique entities but are bound togetherby standardized or proprietary technology that enables data andapplication portability (e.g., cloud bursting for load-balancing betweenclouds).

In one example, a cloud computing environment is service oriented with afocus on statelessness, low coupling, modularity, and semanticinteroperability. At the heart of cloud computing is an infrastructurecomprising a network of interconnected nodes.

In one example, a cloud computing environment 700 may include one ormore nodes, with which computing devices used by cloud consumers maycommunicate. In one example, the computer system illustrated in FIG. 8is one example of a node. In another example, additional or alternatetypes of computing systems may be implemented as a node. In one example,the one or more nodes within cloud computing environment 700 maycommunicate with one another. They may be grouped (not shown) physicallyor virtually, in one or more networks, such as Private, Community,Public, or Hybrid clouds as described hereinabove, or a combinationthereof. This allows cloud computing environment 700 to offerinfrastructure, platforms and/or software as services for which a cloudconsumer does not need to maintain resources on a local computingdevice. It is understood that the type of computing device shown in FIG.8 is intended to be illustrative only and that the computing nodeswithin cloud computing environment 700 can communicate with any type ofcomputerized device over any type of network and/or network addressableconnection (e.g., using a web browser).

In one example, cloud computing environment 700 may include or morefunctional abstraction layers, supported by the one or more nodes. Forexample, cloud computing environment 700 may include a hardware andsoftware layer with hardware and software components, a virtualizationlayer that provides an abstraction layer from which virtual servers,virtual storage, virtual networks, virtual applications and operatingsystems, and virtual clients, may be provided. A management layer mayprovide resource provisioning, which provides dynamic procurement ofcomputing resources and other resources that are utilized to performtasks within the cloud computing environment. The management layer mayprovide metering and pricing, which provide cost tracking as resourcesare utilized within the cloud computing environment, and billing orinvoicing for consumption of these resources. The management layer mayprovide security, which provides identity verification for cloudconsumers and tasks, as well as protection for data and other resources.The management layer may provide a user portal that provides access tothe cloud computing environment for consumers and system administrators.The management layer may provide service level management that providescloud computing resource allocation and management such that requiredservice levels are met. The management layer may provide service LevelAgreement (SLA) planning and fulfillment to provide pre-arrangement for,and procurement of, cloud computing resources for which a futurerequirement is anticipated in accordance with an SLA.

In addition, the layers may include a workload layer that provides thefunctionality of centralized service 210. In one example, multipleclient systems hosting one or more instances of SSL client applicationsmay access centralized service 210. For example, a client system 714 mayhost an SSL client application 710 that accesses centralized service 210via an SI 712, a client system 754 may host an SSL client application750 that accesses centralized service 210 via an SI 752, and a clientsystem 744 may host an SSL client application 740 that accessescentralized service 210 via an SI 742. In one example, a server system724 may host an SSL server application 720 that accesses centralizedservice 210 via an SI 722 and a server system 734 may host an SSL clientapplication 730 that accesses centralized service 210 via an SI 732.

In one example, by hosting centralized service 210 in cloud computingenvironment 700, multiple clients and servers may subscribe tocentralized service 210, which provides a service for managing validcipher suites for use in secure connections across multiple applicationswith one or more configurations of service interfaces, such as theconfigurations illustrated in FIGS. 3, 4, 5, and 6, independent of anyparticular private or public network hosting each of the clients andservers accessing centralized service 210. For example, SSL clientapplication 750 may initiate SI 752 on an SSL client socket, while SSLclient application 740 may initiate SI 742 from an SSL socketconfiguration.

In addition, in one example, by hosting centralized service 210 in cloudcomputing environment 700, a network administrator may subscribe tocentralized service 210 for multiple instances of an SSL clientapplication, where centralized service 210 then both monitors forciphers that are invalid and automatically revokes invalidated ciphersat any of the subscribing SSL client applications that have a currentsecure connection established with the invalid cipher. For example, anadministrator may subscribe to centralized service 210 for SSL clientapplication 710 and SSL client application 750. Another administratormay subscribe to centralized service for SSL client application 740. Inone example, centralized service 210 detects when each of SSL clientapplication 710, SSL client application 740 and SSL client application750 initiate secure connections with SSL server applications, and pushesa list of current permissible ciphers to each of the SSL clientapplications. In one example, SSL client application 710 and SSL clientapplication 740 may each establish a secure connection with SSL serverapplication 720 using a first cipher suite and SSL client application750 may establish a secure connection with SSL server application 730with a second cipher suite. In one example, in response to centralizedservice 210 detecting the first cipher suite is compromised and invalid,centralized service 210 may manage sending revoked cipher alerts to bothSSL client application 710 and SSL client application 740, toefficiently manage revocation of compromised cipher suites for sessionscurrently active using the compromised cipher suites, for multiplenetwork administrator subscribers, independent of the underlyingconfiguration of the SSL client applications within networks monitoredby each of the network administrators.

FIG. 8 illustrates a block diagram of one example of a computer systemin which one embodiment of the invention may be implemented. The one ormore embodiments of the present invention may be performed in a varietyof systems and combinations of systems, made up of functionalcomponents, such as the functional components described with referenceto a computer system 800 and may be communicatively connected to anetwork, such as network 802.

Computer system 800 includes a bus 822 or other communication device forcommunicating information within computer system 800, and at least onehardware processing device, such as processor 812, coupled to bus 822for processing information. Bus 822 preferably includes low-latency andhigher latency paths that are connected by bridges and adapters andcontrolled within computer system 800 by multiple bus controllers. Whenimplemented as a server or node, computer system 800 may includemultiple processors designed to improve network servicing power.

Processor 812 may be at least one general-purpose processor that, duringnormal operation, processes data under the control of software 850,which may include at least one of application software, an operatingsystem, middleware, and other code and computer executable programsaccessible from a dynamic storage device such as random access memory(RAM) 814, a static storage device such as Read Only Memory (ROM) 816, adata storage device, such as mass storage device 818, or other datastorage medium. Software 850 may include, but is not limited to, code,applications, protocols, interfaces, and processes for controlling oneor more systems within a network including, but not limited to, anadapter, a switch, a server, a cluster system, and a grid environment.

Computer system 800 may communicate with a remote computer, such asserver 840, or a remote client. In one example, server 840 may beconnected to computer system 800 through any type of network, such asnetwork 802, through a communication interface, such as networkinterface 832, or over a network link that may be connected, forexample, to network 802.

In the example, multiple systems within a network environment may becommunicatively connected via network 802, which is the medium used toprovide communications links between various devices and computersystems communicatively connected. Network 802 may include permanentconnections such as wire or fiber optics cables and temporaryconnections made through telephone connections and wireless transmissionconnections, for example, and may include routers, switches, gatewaysand other hardware to enable a communication channel between the systemsconnected via network 802. Network 802 may represent one or more ofpacket-switching based networks, telephony based networks, broadcasttelevision networks, local area and wire area networks, public networks,and restricted networks.

Network 802 and the systems communicatively connected to computer 800via network 802 may implement one or more layers of one or more types ofnetwork protocol stacks which may include one or more of a physicallayer, a link layer, a network layer, a transport layer, a presentationlayer, and an application layer. For example, network 802 may implementone or more of the Transmission Control Protocol/Internet Protocol(TCP/IP) protocol stack or an Open Systems Interconnection (OSI)protocol stack. In addition, for example, network 802 may represent theworldwide collection of networks and gateways that use the TCP/IP suiteof protocols to communicate with one another. Network 802 may implementa secure HTTP protocol layer or other security protocol for securingcommunications between systems.

In the example, network interface 832 includes an adapter 834 forconnecting computer system 800 to network 802 through a link and forcommunicatively connecting computer system 800 to server 840 or othercomputing systems via network 802. Although not depicted, networkinterface 832 may include additional software, such as device drivers,additional hardware and other controllers that enable communication.When implemented as a server, computer system 800 may include multiplecommunication interfaces accessible via multiple peripheral componentinterconnect (PCI) bus bridges connected to an input/output controller,for example. In this manner, computer system 800 allows connections tomultiple clients via multiple separate ports and each port may alsosupport multiple connections to multiple clients.

In one embodiment, the operations performed by processor 812 may controlthe operations of flowchart of FIGS. 9-15 and other operations describedherein. Operations performed by processor 812 may be requested bysoftware 850 or other code or the steps of one or more embodiments ofthe invention might be performed by specific hardware components thatcontain hardwired logic for performing the steps, or by any combinationof programmed computer components and custom hardware components. In oneembodiment, one or more components of computer system 800, or othercomponents, which may be integrated into one or more components ofcomputer system 800, may contain hardwired logic for performing theoperations of flowcharts in FIGS. 9-15.

In addition, computer system 800 may include multiple peripheralcomponents that facilitate input and output. These peripheral componentsare connected to multiple controllers, adapters, and expansion slots,such as input/output (I/O) interface 826, coupled to one of the multiplelevels of bus 822. For example, input device 824 may include, forexample, a microphone, a video capture device, an image scanning system,a keyboard, a mouse, or other input peripheral device, communicativelyenabled on bus 822 via I/O interface 826 controlling inputs. Inaddition, for example, output device 820 communicatively enabled on bus822 via I/O interface 826 for controlling outputs may include, forexample, one or more graphical display devices, audio speakers, andtactile detectable output interfaces, but may also include other outputinterfaces. In one or more alternate embodiments of the invention,additional or alternate input and output peripheral components may beadded.

With respect to FIG. 8, the one or more embodiments of the invention maybe a system, a method, and/or a computer program product. The computerprogram product may include a computer readable storage medium (ormedia) having computer readable program instructions thereon for causinga processor to carry out aspects of the one or more embodiments of theinvention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe one or more embodiments of the invention may be assemblerinstructions, instruction-set-architecture (ISA) instructions, machineinstructions, machine dependent instructions, microcode, firmwareinstructions, state-setting data, or either source code or object codewritten in any combination of one or more programming languages,including an object oriented programming language such as Smalltalk, C++or the like, and conventional procedural programming languages, such asthe “C” programming language or similar programming languages. Thecomputer readable program instructions may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware project, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider). In some embodiments, electronic circuitry including, forexample, programmable logic circuitry, field-programmable gate arrays(FPGA), or programmable logic arrays (PLA) may execute the computerreadable program instructions by utilizing state information of thecomputer readable program instructions to personalize the electroniccircuitry, in order to perform aspects of one or more embodiments of theinvention.

Aspects of one or more embodiments of the invention are described hereinwith reference to flowchart illustrations and/or block diagrams ofmethods, apparatus (systems), and computer program products according toone or more embodiments of the invention. It will be understood thateach block of the flowchart illustrations and/or block diagrams, andcombinations of blocks in the flowchart illustrations and/or blockdiagrams, can be implemented by computer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to one ormore various embodiments of the invention. In this regard, each block inthe flowchart or block diagrams may represent a module, segment, orportion of instructions, which comprises one or more executableinstructions for implementing the specified logical function(s). In somealternative implementations, the functions noted in the block may occurout of the order noted in the figures. For example, two blocks shown insuccession may, in fact, be executed substantially concurrently, or theblocks may sometimes be executed in the reverse order, depending uponthe functionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

Those of ordinary skill in the art will appreciate that the hardwaredepicted in FIG. 8 may vary. Furthermore, those of ordinary skill in theart will appreciate that the depicted example is not meant to implyarchitectural limitations with respect to one or more embodiments of theinvention.

FIG. 9 illustrates a high level logic flowchart of a process andcomputer program for dynamically updating new valid cipher suitesallowed for secured sessions in a list of valid cipher suites maintainedby a centralized service.

In one example, the process and program starts at block 900 andthereafter proceeds to block 902. Block 902 illustrates a determinationwhether a new cipher report is received by a centralized service. Atblock 902, if a new cipher report is received, then the process passesto block 904. Block 904 illustrates analyzing the new cipher reportaccording to one or more requirements, such as authentication of thesource and risk assessment level. Next, block 906 illustrates adetermination whether the new cipher suite in the report has a sourcethat is validated and a risk level below a selected threshold. At block906, if the new cipher suite in the report does not have a source thatis validated or does not have a risk level below a selected threshold,then the process ends without updating the list of permissible ciphers.At block 906, if the new cipher suite in the report has a source that isvalidated and has a risk level below a selected threshold, then theprocess passes to block 908. Block 908 illustrates updating a list ofpermissible ciphers by adding the new cipher suite to the list, and theprocess ends.

FIG. 10 illustrates a high level logic flowchart of a process andcomputer program for dynamically removing vulnerable cipher suites froma list of valid cipher suites maintained by a centralized service anddynamically revoking, by the centralized service, current sessions usingthe vulnerable cipher suites.

In one example, the process starts at block 1000 and thereafter proceedsto block 1002. Block 1002 illustrates specifying an initial list of oneor more permissible ciphers. Next, block 1004 illustrates adetermination whether a vulnerable cipher update is received. At block1004, if a vulnerable cipher update is received, then the process passesto block 1006. Block 1006 illustrates a determination whether thevulnerable cipher update source is validated and the risk level of thevulnerable cipher exceeds a threshold. At block 1006, if the vulnerablecipher update source is not validated or the risk level of thevulnerable cipher does not exceed a threshold, then the process returnsto block 1004. At block 1006, if the vulnerable cipher update source isvalidated and the risk level of the vulnerable cipher exceeds athreshold, then the process passes to block 1008. Block 1008 illustratesupdating the vulnerable ciphers log with the vulnerable cipher update.Next, block 1010 illustrates updating the list of permissible ciphers byremoving the vulnerable cipher from the list of permissible ciphers.Thereafter, block 1012 illustrates a determination whether there are anycurrent secure connections using the vulnerable cipher from among acurrent sessions log. At block 1012, if there are not any current secureconnections using the vulnerable ciphers from among a current sessionslog, then the process ends. At block 1012, if there are current secureconnections using the vulnerable ciphers from among a current sessionslog, then the process passes to block 1014. Block 1014 illustratessending an alert to the applications and admin for each current secureconnection using the vulnerable cipher with a revoke notice and the riskinvolved in continuing the session, and the process ends.

FIG. 11 illustrates a high level logic flowchart of a process andcomputer program for dynamically managing, from a centralized service,valid cipher suites provided to SSL applications for securedconnections.

In one example, the process and computer program starts at block 1100and thereafter proceeds to block 1102. Block 1102 illustrates adetermination whether a list request is received from an SSL applicationestablishing a secure connection. At block 1102, if a list request isreceived from an SSL application establishing a secure connection, thenthe process passes to block 1104. Block 1104 illustrates a determinationwhether the list request source is validated. At block 1104, if the listrequest source is not validated as a subscriber, then the process ends.At block 1104, if the list request source is validated as a subscriber,then the process passes to block 1108. Block 1108 illustrates sendingthe current list of permissible ciphers to the SSL application serviceinterface, and the process ends.

At block 1102, if a list request is not received from an SSL applicationestablishing a secure connection, then the process passes to block 1106.Block 1106 illustrates a determination whether a scheduled service foran SSL application is triggered. At block 1106, if the scheduled servicefor an SSL application is not triggered, then the process returns toblock 1102. At block 1106, if the scheduled service for an SSLapplication is triggered, then the process passes to block 1108. In oneexample, the scheduled service for an SLL application may be triggeredaccording to a schedule in a subscriber service or according to anevent, such as a change to the list of permissible ciphers.

FIG. 12 illustrates a high level logic flowchart of a process andcomputer program for maintaining a current session log by a centralizedservice.

In one example, the process and computer program starts at block 1200and thereafter proceeds to block 1202. Block 1202 illustrates adetermination whether any session data is received from an SSLapplication subscriber. At block 1202, if session data is received froman SSL application subscriber, then the process passes to block 1204.Block 1204 illustrates adding a record of the SSL applicationsubscriber, the mutual cipher identified in the session data, and anadministrative identifier for the session, to a current session log, andthe process ends.

FIG. 13 illustrates a high level logic flowchart of a process andcomputer program for managing a list of permissible ciphers, indicatingvalid ciphers, pushed by the centralized service to a service interfaceaccording to a scheduled service.

In one example, the process and computer program starts at block 1300and thereafter proceeds to block 1302. Block 1302 illustrates adetermination whether any current permissible ciphers are received,pushed by the centralized service according to a scheduled service. Atblock 1302, if current permissible ciphers are received, pushed by thecentralized service according to a scheduled service, then the processpasses to block 1304. Block 1304 illustrates storing the currentpermissible ciphers with a timestamp for use with new sockets for aperiod of time or until an update is received from the centralizedservice, and the process ends.

FIG. 14 illustrates a high level logic flowchart of a process andcomputer program for dynamically managing access to valid cipher suites,by SSL applications, from a centralized service for use in securedconnections.

In one example, the process and computer program starts at block 1400and thereafter proceeds to block 1402. Block 1402 illustrates adetermination whether a secure session is initiated. At block 1402, if asecure session is initiated, then the process passes to block 1404.Block 1404 illustrates a determination whether on-demand service is set.At block 1404, if on-demand service is not set, then the process passesto block 1410. Block 1410 illustrates retrieving a recently stored listof current permissible ciphers pushed from a centralized service, andthe process passes to block 1412.

Returning to block 1404, if on-demand service is set, then the processpasses to block 1406. Block 1406 illustrates sending a list request tothe centralized service. Next, block 1408 illustrates a determinationwhether a list of permitted ciphers is received from the centralizedservice. At block 1408, once a list of permitted ciphers is receivedfrom the centralized service, then the process passes to block 1412.

Block 1412 illustrates filtering the list of permitted ciphers accordingto any rules specified for ciphers for the SSL application. Next, block1414 illustrates negotiating with the other SSL socket for a mutualcipher from among the filtered list of permitted ciphers. Thereafter,block 1416 illustrates a determination whether a secure connection isestablished. At block 1416, if a secure connection is not established,then the process ends. At block 1416, if a secure connection isestablished, then the process passes to block 1418. Block 1418illustrates sending session data for the socket and selected mutualcipher suite to the centralized service. Next, block 1420 illustrates adetermination whether the session has ended. At block 1420, if thesession ends, then the process passes to block 1422. Block 1422illustrates sending session data for the socket to the centralizedservice indicating the session has ended.

FIG. 15 illustrates a high level logic flowchart of a process andcomputer program for dynamically managing access to valid cipher suites,by SSL applications, from a centralized service for use in securedconnections.

In one example, the process and computer program start at block 1500 andthereafter proceed to block 1502. Block 1502 illustrates a determinationwhether a revoke cipher alert is received by a service interface from acentralized service. At block 1502, if a revoked cipher alert isreceived by a service interface from a centralized service, then theprocess passes to block 1504. Block 1504 illustrates a determinationwhether the service interface services an SSL application or anadministrator. At block 1504, if the service interface services an SSLapplication, then the process passes to block 1506. At block 1504, ifthe service interface services an administrator interface, then theprocess passes to block 1512.

Block 1506 illustrates identifying one or more sessions using therevoked cipher in the revoked cipher alert. Next, block 1508 illustratesrevoking the one or more identified sessions. Thereafter, block 1510illustrates updating the stored list of current permissible ciphers toremove the revoked cipher suite, and the process ends.

Block 1512 illustrates identifying one or more output interfaces for theparticular revoked cipher suite and the risk identified in the revokedcipher alert according to admin settings. Next, block 1514 illustratesoutputting the revoked cipher suite and risk to the selected one or moreoutput interfaces, and the process ends.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of one or moreembodiments of the invention. As used herein, the singular forms “a”,“an” and “the” are intended to include the plural forms as well, unlessthe context clearly indicates otherwise. It will be further understoodthat the terms “comprises” and/or “comprising”, when used in thisspecification specify the presence of stated features, integers, steps,operations, elements, and/or components, but not preclude the presenceor addition of one or more other features, integers, steps, operations,elements, components, and/or groups thereof

The corresponding structures, materials, acts, and equivalents of allmeans or step plus function elements in the claims below are intended toinclude any structure, material, or act for performing the function incombination with other claimed elements as specifically claimed. Thedescription of the one or more embodiments of the invention has beenpresented for purposes of illustration and description, but is notintended to be exhaustive or limited to one or more embodiments of theinvention in the form disclosed. Many modifications and variations willbe apparent to those of ordinary skill in the art without departing fromthe scope and spirit of the one or more embodiments of the one or moreembodiments of the invention. The embodiment was chosen and described inorder to best explain the principles of the one or more embodiments ofthe invention and the practical application, and to enable others ofordinary skill in the art to understand the one or more embodiments ofthe invention for various embodiments with various modifications as aresuited to the particular use contemplated.

While the one or more embodiments of the invention has been particularlyshown and described with reference to one or more embodiments, it willbe understood by those skilled in the art that various changes in formand detail may be made therein without departing from the spirit andscope of the one or more embodiments of the invention.

1. A method, comprising: selecting, by a service interface of an SSLapplication hosted on at least one computer system in a hosted network,at least one authorized cipher suite; negotiating, by an SSL socket ofthe SSL application with another SSL socket of another SSL applicationin the hosted network for a mutual cipher from among the at least oneauthorized cipher suite and a shared key to encrypt informationexchanged during a secure session; responsive to establishing a securityconnection between the SSL socket and the another SSL socket using theselected mutual cipher, sending, by the service interface to acentralized service an identifier of the selected mutual cipher; andresponsive to receiving, by the service interface, a revoked cipheralert from the centralized service, revoking one or more sessions of theSSL application using a revoked cipher in the revoked cipher alertmatching the selected mutual cipher.
 2. The method according to claim 1,wherein selecting, by a service interface of an SSL application hostedon at least one computer system in a hosted network, at least oneauthorized cipher suite further comprises: responsive to a securesession phase triggered, sending, by the service interface, a request tothe centralized service available in the hosted network for a permissionlist of at least one cipher suite valid for security connections; andresponsive to receiving the permission list of the at least one ciphersuite from the centralized service, filtering, by the service interface,the permission list according to one or more rules specified for ciphersfor the SSL application to select the at least one authorized ciphersuite.
 3. The method according to claim 2, further comprising: storingthe permission list with a timestamp for use with new sockets by the SSLapplication for at least one of a period of time and until an update isreceived from the centralized service.
 4. The method according to claim1, wherein negotiating, by an SSL socket of the SSL application withanother SSL socket of another SSL application in the hosted network fora mutual cipher from among the at least one authorized cipher suite anda shared key to encrypt information exchanged during a secure sessionfurther comprises: negotiating, by the SSL socket of the SSL applicationwith the another SSL socket of the another SSL application in the hostednetwork, wherein the SSL socket and the another SSL socket are endpointsin communication flow between the SSL application and the another SSLapplication.
 5. The method according to claim 1, further comprising:responsive to establishing a security connection between the SSL socketand the another SSL socket using the selected mutual cipher, storing, bythe SSL socket, attributes for controlling the SSL socket by theselected mutual cipher and the session data in an SSL configuration ofthe SSL application.
 6. The method according to claim 1, furthercomprising: responsive to receiving, by the service interface, a revokedcipher alert from the centralized service, updating a stored list ofcurrent permissible ciphers stored by the SSL client application toremove the revoked cipher.
 7. The method according to claim 1, whereinresponsive to establishing a security connection between the SSL socketand the another SSL socket using an identifier of the selected mutualcipher, sending, by the service interface to a centralized service theselected mutual cipher further comprises: sending, by the serviceinterface to the centralized service a session identifier identifyingthe selected mutual cipher and the SSL socket, wherein the centralizedservice adds the session identifier to a current session log, whereinresponsive to identifying a particular cipher suite is vulnerable, thecentralized service searches the current session log to determine if theparticular cipher suite matches one or more previously stored mutualcipher suites, wherein responsive to the particular cipher suitematching one or more previously stored mutual cipher suites, thecentralized service generates the revoked cipher alert to send to eachsocket specified in each entry of the current session log for thematching one or more previously stored cipher suites.
 8. The methodaccording to claim 1, wherein selecting, by a service interface of anSSL application hosted on at least one computer system in a hostednetwork, at least one authorized cipher suite further comprises:selecting, by the service interface of the SSL application, the at leastone authorized cipher suite, wherein the service interface is specifiedin a secure socket layer configuration for specifying the SSL socket. 9.The method according to claim 1, wherein responsive to establishing asecurity connection between the SSL socket and the another SSL socketusing the selected mutual cipher, sending, by the service interface to acentralized service an identifier of the selected mutual cipher furthercomprises: sending, by the service interface, the identifier of theselected mutual cipher to the centralized service via an ad hoc networkconnection between the service interface and the centralized service.10. A computer system comprising: one or more processors, one or morecomputer-readable memories, one or more computer-readable storagedevices, and program instructions, stored on at least one of the one ormore storage devices for execution by at least one of the one or moreprocessors via at least one of the one or more memories, the storedprogram instructions comprising: program instructions to select, by aservice interface of an SSL application hosted on at least one computersystem in a hosted network, at least one authorized cipher suite;program instructions to negotiate, by an SSL socket of the SSLapplication with another SSL socket of another SSL application in thehosted network for a mutual cipher from among the at least oneauthorized cipher suite and a shared key to encrypt informationexchanged during a secure session; program instructions to, responsiveto establishing a security connection between the SSL socket and theanother SSL socket using the selected mutual cipher, send, by theservice interface to a centralized service an identifier of the selectedmutual cipher; and program instructions to, responsive to receiving, bythe service interface, a revoked cipher alert from the centralizedservice, to revoke one or more sessions of the SSL application using arevoked cipher in the revoked cipher alert matching the selected mutualcipher.
 11. The computer system according to claim 10, wherein theprogram instructions to select, by a service interface of an SSLapplication hosted on at least one computer system in a hosted network,at least one authorized cipher suite further comprise: programinstructions to, responsive to a secure session phase triggered, send,by the service interface, a request to the centralized service availablein the hosted network for a permission list of at least one cipher suitevalid for security connections; and program instructions to, responsiveto receiving the permission list of the at least one cipher suite fromthe centralized service, filter, by the service interface, thepermission list according to one or more rules specified for ciphers forthe SSL application to select the at least one authorized cipher suite.12. The computer system according to claim 11, the stored programinstructions further comprising: program instructions to store thepermission list with a timestamp for use with new sockets by the SSLapplication for at least one of a period of time and until an update isreceived from the centralized service.
 13. The computer system accordingto claim 10, wherein the program instructions to negotiate, by an SSLsocket of the SSL application with another SSL socket of another SSLapplication in the hosted network for a mutual cipher from among the atleast one authorized cipher suite and a shared key to encryptinformation exchanged during a secure session further comprise: programinstructions to negotiate, by the SSL socket of the SSL application withthe another SSL socket of the another SSL application in the hostednetwork, wherein the SSL socket and the another SSL socket are endpointsin communication flow between the SSL application and the another SSLapplication.
 14. The computer system according to claim 10, the storedprogram instructions further comprising: program instructions to,responsive to establishing a security connection between the SSL socketand the another SSL socket using the selected mutual cipher, store, bythe SSL socket, attributes for controlling the SSL socket by theselected mutual cipher and the session data in an SSL configuration ofthe SSL application.
 15. The computer system according to claim 10, thestored program instructions further comprising: program instructions to,responsive to receiving, by the service interface, a revoked cipheralert from the centralized service, update a stored list of currentpermissible ciphers stored by the SSL client application to remove therevoked cipher.
 16. The computer system according to claim 10, whereinthe program instructions to, responsive to establishing a securityconnection between the SSL socket and the another SSL socket using anidentifier of the selected mutual cipher, send, by the service interfaceto a centralized service the selected mutual cipher, further comprise:program instructions to send, by the service interface to thecentralized service a session identifier identifying the selected mutualcipher and the SSL socket, wherein the centralized service adds thesession identifier to a current session log, wherein responsive toidentifying a particular cipher suite is vulnerable, the centralizedservice searches the current session log to determine if the particularcipher suite matches one or more previously stored mutual cipher suites,wherein responsive to the particular cipher suite matching one or morepreviously stored mutual cipher suites, the centralized servicegenerates the revoked cipher alert to send to each socket specified ineach entry of the current session log for the matching one or morepreviously stored cipher suites.
 17. The computer system according toclaim 10, wherein the program instructions to select, by a serviceinterface of an SSL application hosted on at least one computer systemin a hosted network, at least one authorized cipher suite furthercomprise: program instructions to select, by the service interface ofthe SSL application, the at least one authorized cipher suite, whereinthe service interface is specified in a secure socket layerconfiguration for specifying the SSL socket.
 18. The computer systemaccording to claim 10, wherein the program instructions, responsive toestablishing a security connection between the SSL socket and theanother SSL socket using the selected mutual cipher, send, by theservice interface to a centralized service an identifier of the selectedmutual cipher further comprise: program instructions to send, by theservice interface, the identifier of the selected mutual cipher to thecentralized service via an ad hoc network connection between the serviceinterface and the centralized service.
 19. A computer program productcomprising one or more computer-readable storage devices and programinstructions, stored on at least one of the one or more storage devices,the stored program instructions comprising: program instructions toselect, by a service interface of an SSL application hosted on at leastone computer system in a hosted network, at least one authorized ciphersuite; program instructions to negotiate, by an SSL socket of the SSLapplication with another SSL socket of another SSL application in thehosted network for a mutual cipher from among the at least oneauthorized cipher suite and a shared key to encrypt informationexchanged during a secure session; program instructions to, responsiveto establishing a security connection between the SSL socket and theanother SSL socket using the selected mutual cipher, send, by theservice interface to a centralized service an identifier of the selectedmutual cipher; and program instructions to, responsive to receiving, bythe service interface, a revoked cipher alert from the centralizedservice, to revoke one or more sessions of the SSL application using arevoked cipher in the revoked cipher alert matching the selected mutualcipher.
 20. The computer program product according to claim 19, thestored program instructions further comprising: program instructions to,responsive to a secure session phase triggered, send, by the serviceinterface, a request to the centralized service available in the hostednetwork for a permission list of at least one cipher suite valid forsecurity connections; and program instructions to, responsive toreceiving the permission list of the at least one cipher suite from thecentralized service, filter, by the service interface, the permissionlist according to one or more rules specified for ciphers for the SSLapplication to select the at least one authorized cipher suite.